Security Basics mailing list archives
RE: Hacked (...still cleaning)
From: "Beauford, Jason" <jbeauford () EightInOnePet com>
Date: Tue, 19 Apr 2005 16:16:31 -0400
This wont delete it, but it might stop it from running: Right Click "My Computer" and click Properties or Start => Settings => Control Panel => System Click the Advanced Tab => Environmental Variables Under System Variables modify the path and remove C:\WINNT\SYSTEM32 or C:\WINDOWS\SYTEM32. Maybe remove C:\WIN..\SYSTEM as well. If you remove the paths, the file should not be able to be run from a commandline or from the START => Run menu, unless you manually specify the path in the command. Just an idea :) - JMB -----Original Message----- From: Mauricio Fernandez [mailto:mfernandez () fdta-valles org] Sent: Monday, April 18, 2005 4:34 PM To: security-basics () securityfocus com Subject: RE: Hacked (...still cleaning) One thing I am trying to do is to hide the cmd.exe file to avoid the possibility of running some programs. I searched the file on the hole system and deleted from \system32\ and \I386\ folders, copied into a folder no included on the system path with a different name. But if I invoke cmd.exe, it appears again on \system32\ Does anyone knows how to remove it? Mauricio Fernández S. IT Manager Tel. 591- 445-25160 Fax. 591- 441-15056 mfernandez () fdta-valles org www.fdta-valles.org Cochabamba - Bolivia
Current thread:
- RE: Hacked (...still cleaning) Horn Michael (Apr 20)
- <Possible follow-ups>
- RE: Hacked (...still cleaning) Beauford, Jason (Apr 20)
- RE: Hacked (...still cleaning) Serge Jorgensen (Apr 20)
- RE: Hacked (...still cleaning) Kirk Brady (Apr 20)
- RE: Hacked (...still cleaning) Jonathan Loh (Apr 21)
- RE: Hacked (...still cleaning) Kirk Brady (Apr 22)
- Password Audits Jair (Apr 25)
- Re: Password Audits Jeff Ferris (Apr 26)
- Re: Password Audits Mani.682001 () gmail com (Apr 26)
- Re: Password Audits Adam Jones (Apr 26)
- RE: Password Audits . (Apr 26)
- RE: Password Audits Donald N Kenepp (Apr 27)
- Password Audits Jair (Apr 25)